Home

CVE-2021-3677

Description

A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.192

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 11.13Windows
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 12.8Windows
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 13.4Windows
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 13.4Windows
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 12.8Windows
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 11.13Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.1Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.2Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.3Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.4Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 11.0Windows
Object-relational SQL database (USN-5038-1) postgresql-10_10.18-0ubuntu0.18.04.1_i386.debLinux
Object-relational SQL database (USN-5038-1) postgresql-10_10.18-0ubuntu0.18.04.1_amd64.debLinux
Object-relational SQL database (USN-5038-1) postgresql-12_12.8-0ubuntu0.20.04.1_i386.debLinux
Object-relational SQL database (USN-5038-1) postgresql-12_12.8-0ubuntu0.20.04.1_amd64.debLinux
Object-relational SQL database (USN-5038-1) postgresql-13_13.4-0ubuntu0.21.04.1_i386.debLinux
Object-relational SQL database (USN-5038-1) postgresql-13_13.4-0ubuntu0.21.04.1_amd64.debLinux
Pg_repack update (ELSA-2021-5235) pg_repack-1.4.6-3.module+el8.5.0+20333+86306fc7.x86_64.rpmLinux
Pgaudit update (ELSA-2021-5235) pgaudit-1.4.0-5.module+el8.5.0+20333+86306fc7.x86_64.rpmLinux
Postgres-decoderbufs update (ELSA-2021-5235) postgres-decoderbufs-0.10.0-2.module+el8.5.0+20333+86306fc7.x86_64.rpmLinux
Postgresql update (ELSA-2021-5235) postgresql-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-contrib update (ELSA-2021-5235) postgresql-contrib-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-docs update (ELSA-2021-5235) postgresql-docs-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-plperl update (ELSA-2021-5235) postgresql-plperl-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-plpython3 update (ELSA-2021-5235) postgresql-plpython3-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-pltcl update (ELSA-2021-5235) postgresql-pltcl-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-server update (ELSA-2021-5235) postgresql-server-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-server-devel update (ELSA-2021-5235) postgresql-server-devel-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-static update (ELSA-2021-5235) postgresql-static-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-test update (ELSA-2021-5235) postgresql-test-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-test-rpm-macros update (ELSA-2021-5235) postgresql-test-rpm-macros-12.9-1.module+el8.5.0+20463+3d6b40f2.noarch.rpmLinux
Postgresql-upgrade update (ELSA-2021-5235) postgresql-upgrade-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
Postgresql-upgrade-devel update (ELSA-2021-5235) postgresql-upgrade-devel-12.9-1.module+el8.5.0+20463+3d6b40f2.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update pg_repack-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update pg_repack-debugsource-1.4.6-3.module+el8.5.0+11354+78b3c9c5.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgres-decoderbufs-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgres-decoderbufs-debugsource-0.10.0-2.module+el8.5.0+11354+78b3c9c5.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-contrib-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-debugsource-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-docs-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-plperl-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-plpython3-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-pltcl-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-server-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-server-devel-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-static-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-test-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-test-rpm-macros-12.9-1.module+el8.5.0+13373+4554acc4.noarch.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-upgrade-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5235) postgresql:12 security update postgresql-upgrade-devel-12.9-1.module+el8.5.0+13373+4554acc4.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update pg_repack-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update pg_repack-debugsource-1.4.6-3.module+el8.5.0+11357+bcc62552.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-contrib-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-debugsource-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-plperl-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-plpython3-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-pltcl-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-server-devel-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-static-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-test-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-test-rpm-macros-13.5-1.module+el8.5.0+13344+8c0fd184.noarch.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-upgrade-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
(RHSA-2021:5236) postgresql:13 security update postgresql-upgrade-devel-13.5-1.module+el8.5.0+13344+8c0fd184.x86_64.rpmLinux
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 11.13 (For Linux)Linux
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 12.8 (For Linux)Linux
Vulnerabilities CVE-2021-3677 Announcement are fixed in Postgresql 13.4 (For Linux)Linux
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 13.4 (For Linux)Linux
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 12.8 (For Linux)Linux
Vulnerabilities CVE-2021-3677 are fixed in PostgreSQL 11.13 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234